XBox 360 Live router hell

Posted by: jbauer

XBox 360 Live router hell - 07/06/2006 18:33

I'm sick of trying to get my NetScreen firewall to play nice with XBox Live. I'm gonna get a "Microsoft Certified" cheap-ie router. Please see this thread:

http://forums.xbox.com/4732157/ShowPost.aspx

What do you guys/gals use?

- Thanx
- Jon
Posted by: matthew_k

Re: XBox 360 Live router hell - 07/06/2006 18:45

Seems like a complete load of cow manure. What exactly is so special about an xbox 360 that it needs a "microsoft certified" router?

It should be easy to forward the necessary ports. Doing this automatically can be handled through upnp. Anything more than that is just microsoft's usual extortionary business practices.

Matthew
Posted by: matthew_k

Re: XBox 360 Live router hell - 07/06/2006 18:46

Oh. I use a wrt54g(l). If there's something a home network needs that it can't do, I don't know what it is.

Matthew
Posted by: BAKup

Re: XBox 360 Live router hell - 07/06/2006 19:12

I'm using a home-rolled iptables firewall, but about to throw it out and use a Linksys WRT54GS in its place, since I'm having weird issues with it.
Posted by: jbauer

Re: XBox 360 Live router hell - 07/06/2006 19:25

Quote:
Seems like a complete load of cow manure. What exactly is so special about an xbox 360 that it needs a "microsoft certified" router?


Yeah, I semi agree.

My NetScreen 5GT or 5XP is a quality firewall, but it doesn't have UPNP as Juniper/NetScreen don't sell these devices as consumer devices. I read this: http://support.microsoft.com/kb/908874/en-us and set those ports to be open. I've never once seen an XBox live related packet hit my FW (from the outside). I DO see lots of XBox packets LEAVING my trusted internal network.

I can't get my XBox NAT evaluation to be anything less than "strict". I think that UPNP just opens and closes needed ports whenever XBox Live needs them. Since I have mine open all the time, I don't know why I get a "strict" designation. I think it has something to do with our implementation of NAT...

I think the Microsoft certification just means that the company is a "friend" to Microsoft AND they tested the implementation of UPNP to be sure it works ok with XBox live. I'm sure that most implementations will work, although if you scan through the XBox forum posts, there are a lot of routers that seem to give people headaches...

- Jon
Posted by: matthew_k

Re: XBox 360 Live router hell - 07/06/2006 19:43

You're forwarding both TCP and UDP packets?

Try putting the xbox as the DMZ host and see if it works.

Matthew
Posted by: jbauer

Re: XBox 360 Live router hell - 07/06/2006 19:45

Quote:
You're forwarding both TCP and UDP packets?

Try putting the xbox as the DMZ host and see if it works.

Matthew


Yep - both TCP and UDP. I can test the port forwarding by doing a "telnet <ip address> 3074" - which is the TCP port. It works fine. XBox NEVER uses it though. I only see packets originating within my network.

The device doesn't have a DMZ like the low end routers do either.

I've used an ANY ANY ANY policy on the XBox, so that ALL incoming packets will get through, no matter what port, and I still see a "strict" setting, and no outside originated packets. It's my NAT that's hosing me.

- Jon
Posted by: jbauer

Re: XBox 360 Live router hell - 07/06/2006 21:07

I've got a dialog going with Major Nelson at XBox Live to try and sort this out. If I make progress, I'll post it here.

- Thanx
- Jon
Posted by: BAKup

Re: XBox 360 Live router hell - 07/06/2006 23:00

Quote:
I've got a dialog going with Major Nelson at XBox Live to try and sort this out. If I make progress, I'll post it here.


Please let me know how that works out, and what ports should be forwarded to the 360.

That way when mine comes back from its second time under warranty repair, I'll be able to sort out my firewall problems.
Posted by: drakino

Re: XBox 360 Live router hell - 08/06/2006 01:54

Quote:
Seems like a complete load of cow manure. What exactly is so special about an xbox 360 that it needs a "microsoft certified" router?


It likes to connect to other people also behind routers. And as any person who has ever tried to use file transfers via instant messengers can tell you, routers are a pain to deal with for direct connections.

I did find this page that explains the different NAT types the 360 will spit out in the diagnostics screen. Might help a bit.

The certified routers are ones that people at Microsoft went out and bought, then tested to ensure every small function of XBox Live works across it. They apparently spent a lot of time on this after seeing so many issues with the first XBox when they launched the Live service. Having come from a support background, I can understand why they would try to make an easy to identify symbol on routers to tell people to look for. The easier it is for people to get a compatible router, the fewer phone calls their support staff have to deal with.

I still am amazed at people who can actually figure out low end problems like this and come up with solutions. I'm still of the opinion that networks are half voodoo magic. Especially when things like a simple network buffer setting on some nForce based cards that was enabled by default was causing problems only in very specific situations in World of Warcraft. My old roommate got hit by this, and basically this setting caused the character load cycle to not complete when he entered the game, but only if his character had a certain amount of items in his inventory. Again, network voodoo.
Posted by: jbauer

Re: XBox 360 Live router hell - 08/06/2006 03:09

From the description on that web page:

Strict NAT means the port-assignment policy is aggressive.

What the heck does that mean? Aggressive???

- Jon
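
An added example, not part of the thread and not Microsoft's or Juniper's code: a toy model of why an allow-all inbound policy can still leave the NAT result at "strict". It assumes that "aggressive" port assignment means the NAT allocates a new external source port for each destination; the `Nat` class, the addresses and the two-server comparison are constructed for illustration.

```python
# Added illustration: toy NAT models, not Xbox Live's or NetScreen's real logic.
from itertools import count


class Nat:
    """Source NAT with a selectable port-assignment policy (hypothetical model)."""

    def __init__(self, per_destination, first_port=20000):
        self.per_destination = per_destination  # True = new port per destination
        self.ports = count(first_port)
        self.mappings = {}

    def outbound(self, src, dst):
        """Return the external source port the remote side sees for src -> dst."""
        key = (src, dst) if self.per_destination else src
        if key not in self.mappings:
            self.mappings[key] = next(self.ports)
        return self.mappings[key]


# Constructed addresses (RFC 1918 and documentation ranges).
CONSOLE = ("192.168.1.50", 3074)
SERVERS = [("198.51.100.10", 3074), ("203.0.113.20", 3074)]
PEER = ("192.0.2.77", 3074)


def classify(nat):
    """Same console socket contacts two servers; compare the ports they report.

    Assumption: a differing port per destination is what gets labelled "strict".
    Note that inbound firewall policy never enters this check.
    """
    observed = [nat.outbound(CONSOLE, s) for s in SERVERS]
    return "not strict" if len(set(observed)) == 1 else "strict"


def peer_can_predict_port(nat):
    """A server tells PEER which port it saw; does PEER then see the same one?"""
    advertised = nat.outbound(CONSOLE, SERVERS[0])
    actual = nat.outbound(CONSOLE, PEER)
    return advertised == actual


def demo():
    results = {}
    for name, per_dest in (("reuse one port", False), ("port per destination", True)):
        results[name] = (classify(Nat(per_dest)), peer_can_predict_port(Nat(per_dest)))
    return results


if __name__ == "__main__":
    print(demo())
```

In this model the result depends only on how outbound mappings are allocated, which is consistent with seeing only internally originated packets while the forwarded port still answers a manual TCP test.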
Posted by: mlord

Re: XBox 360 Live router hell - 08/06/2006 11:08

Quote:
From the description on that web page:

Strict NAT means the port-assignment policy is aggressive.

What the heck does that mean? Aggressive???


Being a Microsoft product, I would guess that it means they have left a few backdoors either open or overly permissive, to make it easier to hack into (either on purpose from a gaming perspective, or inadvertently as a result of that).

Be afraid..